paragonie / certainty Goto Github PK
View Code? Open in Web Editor NEWAutomated cacert.pem management for PHP projects
Home Page: https://paragonie.com/b/W-QQeh1z7ijYMXi7
License: Other
Automated cacert.pem management for PHP projects
Home Page: https://paragonie.com/b/W-QQeh1z7ijYMXi7
License: Other
https://twitter.com/CiPHPerCoder/status/1178177145014816768
Trust me, I know.
Just let me fix this. Argh!
If you're not familiar with Chronicle, it's basically a distributed ledger.
We should commit the following information to a common Chronicle:
paragonie/certainty
) (EDIT: wrong name)We can then include a Chronicle hash alongside each update, adding another layer of verification behind our releases.
This commit modified cacert-2022-07-19.pem which now shows the downloaded file as being bad. Is there a way to get certainty to download the file again during the composer update
process?
diff --git a/data/ca-certs.json b/data/ca-certs.json
index 55d28060..fea53804 100644
--- a/data/ca-certs.json
+++ b/data/ca-certs.json
@@ -1,226 +1,235 @@
[
- {
- "chronicle": "MsAFf8qPoG0CIgOPWKSc7Gm2yW3yWw1noeQloIY3fe0=",
- "date": "2022-04-26",
- "file": "cacert-2022-04-26.pem",
- "sha256": "08df40e8f528ed283b0e480ba4bcdbfdd2fdcf695a7ada1668243072d80f8b6f",
- "signature": "0022b6276c1353367bc63100527f6f1e6b5e3195ae09d2a7b9f16a510fa74fcb0a3338edae05ab5ba6a6604d48262f5846daf8a835deac968c2f5702c66c3f09",
- "trust-channel": "Mozilla"
- },
- {
- "chronicle": "i7AOI54CY6k4gkCg8JwQTncHgPlQK1AJFJfwVJRoUWg=",
- "date": "2022-03-18",
- "file": "cacert-2022-03-18.pem",
- "sha256": "2d0575e481482551a6a4f9152e7d2ab4bafaeaee5f2606edb829c2fdb3713336",
- "signature": "80039a6fc03173635138cd128bde1884eab3265c8202a3fa3bfff63eba04203200cc7289d8c89fbb12a54769098680ef128532b893a738467064f15674b34e05",
- "trust-channel": "Mozilla"
- },
- {
- "chronicle": "UBTl8kOHJQaIySGaOcj1pgj1riLzEL-slR5jnQKk0hQ=",
- "date": "2022-02-01",
- "file": "cacert-2022-02-01.pem",
- "sha256": "1d9195b76d2ea25c2b5ae9bee52d05075244d78fcd9c58ee0b6fac47d395a5eb",
- "signature": "0cec2588e826f19373b08cb72193d1e285d5523c4644d7592e71cc5645905c8f0a4400a02ae0faa7fb22b3295c6e86dbae4080f29ed2d7af2bb9a36daa87eb05",
- "trust-channel": "Mozilla"
- },
- {
- "chronicle": "qPtAFNW4gxaw7p5dzlU2dlpaFfcIKrYypHYq-wv4z3U=",
- "date": "2021-10-26",
- "file": "cacert-2021-10-26.pem",
- "sha256": "ae31ecb3c6e9ff3154cb7a55f017090448f88482f0e94ac927c0c67a1f33b9cf",
- "signature": "21bdd9871f8bcae2f354c4c09ae4a03e0a29e973c33a1d4607bf07e6b9b55cb2973c08cef3bcda5b064ba1971aed8e0399292bb823a7b2cfe0e6505e07b0120c",
- "trust-channel": "Mozilla"
- },
- {
- "chronicle": "qi_kK3qGdkbz5DnY9WssEUycqGWlR1qZV_pzRK8jTNg=",
- "date": "2021-09-30",
- "file": "cacert-2021-09-30.pem",
- "sha256": "f524fc21859b776e18df01a87880efa198112214e13494275dbcbd9bcb71d976",
- "signature": "ada589b1bb75ee867bee6ad3ff7af5c70b0dcdcd9370aac25791018d615642457c1aa97a1ed6245f8618d970c64e0d6211befed168137aaf89ee9c5369a2070d",
- "trust-channel": "Mozilla"
- },
- {
- "chronicle": "HwWisDykcIRkFMYVxvTkcpmNQapX0bTtkgWAZYhfHoo=",
- "date": "2021-07-05",
- "file": "cacert-2021-07-05.pem",
- "sha256": "a3b534269c6974631db35f952e8d7c7dbf3d81ab329a232df575c2661de1214a",
- "signature": "f1d5bfba84a875440495647fbb172b7cd690835cea1257ccfc588182f788c302cbcb765cf28b37331afb6a1b59766a23c39b57930ab53516f698b01ce24f7e0e",
- "trust-channel": "Mozilla"
- },
- {
- "chronicle": "lX11jIxsfv5zRRn101HwYvme0dlsjDsbQGCq3X2hbEk=",
- "date": "2021-05-25",
- "file": "cacert-2021-05-25.pem",
- "sha256": "3a32ad57e7f5556e36ede625b854057ac51f996d59e0952c207040077cbe48a9",
- "signature": "902eca7e6c2985e17a69d3dbbff0b62bef26261b27372e0674685a52cd19044ec2094286474a8f2d6c24236e97390174558b60869b63c0041d9c1668790e1308",
- "trust-channel": "Mozilla"
- },
- {
- "chronicle": "b-9qXkNR-mM_zU3Jy-WfgWIEZ2cYeKwrnoa1vrFkH6o=",
- "date": "2021-04-13",
- "file": "cacert-2021-04-13.pem",
- "sha256": "533610ad2b004c1622a40622f86ced5e89762e1c0e4b3ae08b31b240d863e91f",
- "signature": "6f9e9b320cdd771b41556deea796f817eb4eff93d72d023d857dfb51c9b03490417a456d39dfdfb4e947ceb412d344c87a6ec31fc5ce820da37ce3233992ff0e",
- "trust-channel": "Mozilla"
- },
- {
- "chronicle": "g0XRUTaOBRgYdWNVCfAtSukBAOcDwpYILu1zWBRS1CM=",
- "date": "2021-01-19",
- "file": "cacert-2021-01-19.pem",
- "sha256": "e010c0c071a2c79a76aa3c289dc7e4ac4ed38492bfda06d766a80b707ebd2f29",
- "signature": "c5057562dd4610ea5a2fae7db283a6d10b80802f62da164885dd99abe95621e6ba90ee341b5e472b7d243607431ffa0a4750cbd9bc06ff5a001ef1b3eaef4a09",
- "trust-channel": "Mozilla"
- },
- {
- "chronicle": "527Ync4-R9x1vU0zRjb0HegpaEm0PG7CdniSF_v1Kps=",
- "date": "2020-12-08",
- "file": "cacert-2020-12-08.pem",
- "sha256": "313d562594ebd07846ad6b840dd18993f22e0f8b3f275d9aacfae118f4f00fb7",
- "signature": "5cbaeb63be8978a6a0340d70bdc97a8f6dff181bbdd6db5bef03bbc3a1c9fa0daa8b1e9410021bf62bc52478743477c76502a3cef1103a8bd9c9e5c9b4017907",
- "trust-channel": "Mozilla"
- },
- {
- "chronicle": "ODYFGSzD1oJ2sqqXs_XvtUW1pjoraYGcJtWlJnvn9eo=",
- "date": "2020-10-14",
- "file": "cacert-2020-10-14.pem",
- "sha256": "bb28d145ed1a4ee67253d8ddb11268069c9dafe3db25a9eee654974c4e43eee5",
- "signature": "87bb0a9756dfd5877d4340a4a069d8909da3fdeb8a6015819dfd870e30c76ba8a2fbd3828eec408b744d645a751042e16905e7a36607e6bb526a687b41ed3306",
- "trust-channel": "Mozilla"
- },
- {
- "chronicle": "_GX0WG0O7NIuXh_xMO_MGjTZz6wEUE4VKWYPWvc0DEM=",
- "date": "2020-07-22",
- "file": "cacert-2020-07-22.pem",
- "sha256": "2782f0f8e89c786f40240fc1916677be660fb8d8e25dede50c9f6f7b0c2c2178",
- "signature": "0a9c70bd5837fa8ebc13038e9c1d7bae2c771984dcc1e3d69b15ef7d9efbc1e0aa459fd856895116c184d61c6232f5a2f0f6304852c98fba41db728f7efd2308",
- "trust-channel": "Mozilla"
- },
- {
- "chronicle": "Q55vLfKV5CwScvCtHfgHh6ZA7Yznt0KTuwXZXNPMNKw=",
- "date": "2020-06-24",
- "file": "cacert-2020-06-24.pem",
- "sha256": "726889705b00f736200ed7999f7a50021b8735d53228d679c4e6665aa3b44987",
- "signature": "deb7deb691a637d40e727043365779f66cc3672f421a9097604916880a2b7b456b31d55c76b8f17afa41ac01b0645c5e3e6d7654196b4d9c92686e086162c30c",
- "trust-channel": "Mozilla"
- },
- {
- "chronicle": "wCG8YrvbmDm9gefwmjB4eAjlRJiHxKVAcsiuoGLIqik=",
- "date": "2020-01-01",
- "file": "cacert-2020-01-01.pem",
- "sha256": "adf770dfd574a0d6026bfaa270cb6879b063957177a991d453ff1d302c02081f",
- "signature": "e0f50aa86e2977f37ec4c5dba72dd1aaea87389c439d701709d0fbe3351d59225da33b601e1c0789c8b6c1418f3c337daca24f63f17565e46bf3b2873928d20e",
- "trust-channel": "Mozilla"
- },
- {
- "chronicle": "it79kHqPiO9miqIkDLuWEN8O4fCSiP3gMdCp9pVKV2I=",
- "date": "2019-11-27",
- "file": "cacert-2019-11-27.pem",
- "sha256": "0d98a1a961aab523c9dc547e315e1d79e887dea575426ff03567e455fc0b66b4",
- "signature": "74b8a1435f10bed11c57ef2a8e8ff79011fc5eda9b5686a2b2d0b18ae191f4b3a99de96993fb441679ab479120685e420a86aac5d83f445422fc57765cc20c00",
- "trust-channel": "Mozilla"
- },
- {
- "chronicle": "qRzI9Hpck8sbbRi4I0-8TNkEl8Y8DD0myOpN6gWlAwU=",
- "date": "2019-10-16",
- "file": "cacert-2019-10-16.pem",
- "sha256": "5cd8052fcf548ba7e08899d8458a32942bf70450c9af67a0850b4c711804a2e4",
- "signature": "3867e0681ee141d285fc59b252e8f0fae52c0d7748db83eb7b1f2ed0fc94c901484bcccf6e91c9d59c9d0f2f4835c315c1a22ccbafa08db20e36a5c7db68190c",
- "trust-channel": "Mozilla"
- },
- {
- "chronicle": "PW9pdgWmCjmswCmDLzJY51ENVdBRcZcJiUwKHBfQc2k=",
- "date": "2019-08-28",
- "file": "cacert-2019-08-28.pem",
- "sha256": "38b6230aa4bee062cd34ee0ff6da173250899642b1937fc130896290b6bd91e3",
- "signature": "4bd4fae2644726f4f9298b5d9399430c18db88d8f72ea6cdc89429dd43daf5032fb632912697643549938277a7b5235c3353da1b79ff14da3333aef16acfdd03",
- "trust-channel": "Mozilla"
- },
- {
- "chronicle": "WQG3tH3CiLHg_upN0ABhKiYWOGwH3n9l4pM04bXwG54=",
- "date": "2019-05-15",
- "file": "cacert-2019-05-15.pem",
- "sha256": "cb2eca3fbfa232c9e3874e3852d43b33589f27face98eef10242a853d83a437a",
- "signature": "d368533011b7e9eb09d1cc3a78faef70adcd1188aaee7a47698e0783339275b9b506a982c98dee119969c599581275f76733e0c2f96380405faed1d8678a0302",
- "trust-channel": "Mozilla"
- },
- {
- "chronicle": "ZUzngWCbx2xWxJnqnqDLtbOxFNqA6zztMt-tmYPYdoc=",
- "date": "2019-01-23",
- "file": "cacert-2019-01-23.pem",
- "sha256": "c1fd9b235896b1094ee97bfb7e042f93530b5e300781f59b45edf84ee8c75000",
- "signature": "28d301881a3920c84bb59e61ae1ead38f38657da8bd727b4a3204e3e0455a310bd706848d701b7132a1b4f5634b13b1ecd6df4630cff47b3aa2c9989de2ec902",
- "trust-channel": "Mozilla"
- },
- {
- "chronicle": "5PQ6rLnMQyLLRGX_eC5TiwajK50yQm2DMpCYE1i7C3M=",
- "date": "2018-12-05",
- "file": "cacert-2018-12-05.pem",
- "sha256": "4d89992b90f3e177ab1d895c00e8cded6c9009bec9d56981ff4f0a59e9cc56d6",
- "signature": "950d49617edd8b4efd0096a3f487c9072f41a199b87951418d1a9850e0b6a579ebb8e71c35f25fb0ca0a5cbfe947146c2c2bc94007e5baf4eeb6b38f1185af03",
- "trust-channel": "Mozilla"
- },
- {
- "chronicle": "geBD0phpZn7JONi35qOvpjOj1y1JfpezXVOXfOUIlxg=",
- "date": "2018-10-17",
- "file": "cacert-2018-10-17.pem",
- "sha256": "86695b1be9225c3cf882d283f05c944e3aabbc1df6428a4424269a93e997dc65",
- "signature": "d6fc0fb3d21356651d1e76c3e4fff862fcbaae21e4fd8011a34926365b0a45d35c3a57e631b9767df234018f91acff66ac4c60669f9efdcd6d9d74072285710a",
- "trust-channel": "Mozilla"
- },
- {
- "chronicle": "EBF8N4OMJRr_GnDrP0A27d7hTF0Tbf2FMfgR2Wl7Uy0=",
- "date": "2018-06-20",
- "file": "cacert-2018-06-20.pem",
- "sha256": "238823cd92d3bcdd67c1c278536d6c282dd6b526ee6ee97efbf00ef31d8c5d79",
- "signature": "fd37524d4635ca88cf0ddf0493f6eec7ba0981b291aaac63b25a21a77721fadcda9ce4f9316f7f13b94e2869df55d4f1c07901bb8b84484bee6d10cadb33a104",
- "trust-channel": "Mozilla"
- },
- {
- "chronicle": "Jmto9HgxYETn-1JA6YVjDEs7OyjY_bffb2kfy-AGM2E=",
- "date": "2018-03-07",
- "file": "cacert-2018-03-07.pem",
- "sha256": "79ea479e9f329de7075c40154c591b51eb056d458bc4dff76d9a4b9c6c4f6d0b",
- "signature": "06dc96f0bc32ee82eb7611ac7fe0bfa646fd4139a65fe7999a404377e4b4a3272f74c509c1cbb1a6f509c8c7d438e79e95982b1f992c7fc6071d99e6f103680c",
- "trust-channel": "Mozilla"
- },
- {
- "chronicle": "HuICLQCF_DWnQGbosC6fK8PuifQgIrRi2WYshB2erZY=",
- "date": "2018-01-17",
- "file": "cacert-2018-01-17.pem",
- "sha256": "defe310a0184a12e4b1b3d147f1d77395dd7a09e3428373d019bef5d542ceba3",
- "signature": "de2bb6e94f46c13eb52d8cd561d456367f0abe1ed0799eb9347ad2047c1d6bacebf275d42b4c5188231d76fcc5904e483c4bef0d41ca791448b23269b1b67d05",
- "trust-channel": "Mozilla"
- },
- {
- "chronicle": "pTmauXUmQrr2BN8uJX3mCKk0GSokHl61qHUrXsUFziE=",
- "date": "2017-09-20",
- "file": "cacert-2017-09-20.pem",
- "sha256": "435ac8e816f5c10eaaf228d618445811c16a5e842e461cb087642b6265a36856",
- "signature": "9007f7f0411d6d1f1f5136b247375e614a24216e4fc6c9d6d12642f986f3d45cea3daa2a19705579845a37488ce679f78a1b890d24da6157a2e9894d351fa70a",
- "trust-channel": "Mozilla"
- },
- {
- "chronicle": "tUgevWspRLIznoIx0G6XRMucU4XJSBV3qYZEPWovZV8=",
- "date": "2017-06-07",
- "file": "cacert-2017-06-07.pem",
- "sha256": "e78c8ab7b4432bd466e64bb942d988f6c0ac91cd785017e465bdc96d42fe9dd0",
- "signature": "ed1fc6af6827cac04da6caf40deffeadc2a19feba5281d7cf92d1563ad9af49b8d25bf459e5d5acec0fe723394f88f240d4b716e52f3835f9ab3caa3cc85380e",
- "trust-channel": "Mozilla"
- },
- {
- "chronicle": "vkGXMsFKfLlQBh3uYUQbLFdXKgQe5huy-pZZ-9cIDJ4=",
- "date": "2017-01-18",
- "file": "cacert-2017-01-18.pem",
- "sha256": "e62a07e61e5870effa81b430e1900778943c228bd7da1259dd6a955ee2262b47",
- "signature": "0f217f29c9711cd74ed60f0f6da886c166969945546a6e75e6fa8cf5ea87387f5fce1e1ced71af46095d2dd411a3676ec1aa40927cc0d47a91adaeef965b240b",
- "trust-channel": "Mozilla"
- },
- {
- "chronicle": "5dmkHGPHwnIOawjmnrbXBIXap92GqF2aDraASC12AVM=",
- "date": "2016-11-02",
- "file": "cacert-2016-11-02.pem",
- "sha256": "cc7c9e2d259e20b72634371b146faec98df150d18dd9da9ad6ef0b2deac2a9d3",
- "signature": "59687e4a471591fd09f2e9d84a595fd37618eadf0c4a3eef56feaca10100a175da520dbd068473189af3775ca91e1f48eb55155accb9d5c6137d25b6a9e93103",
- "trust-channel": "Mozilla"
- }
-]
+ {
+ "chronicle": "_4hP4cmNQ-z9feUaS_u48IagHWgNqOMlormPhk4b968=",
+ "date": "2022-07-19",
+ "file": "cacert-2022-07-19.pem",
+ "sha256": "6ed95025fba2aef0ce7b647607225745624497f876d74ef6ec22b26e73e9de77",
+ "signature": "0022b6276c1353367bc63100527f6f1e6b5e3195ae09d2a7b9f16a510fa74fcb0a3338edae05ab5ba6a6604d48262f5846daf8a835deac968c2f5702c66c3f09",
+ "trust-channel": "Mozilla",
+ "bad-bundle": "Marked bad on 2022-07-19T14:13:38+00:00 for reason: SHA256 mismatch"
+ },
+ {
+ "chronicle": "MsAFf8qPoG0CIgOPWKSc7Gm2yW3yWw1noeQloIY3fe0=",
+ "date": "2022-04-26",
+ "file": "cacert-2022-04-26.pem",
+ "sha256": "08df40e8f528ed283b0e480ba4bcdbfdd2fdcf695a7ada1668243072d80f8b6f",
+ "signature": "0022b6276c1353367bc63100527f6f1e6b5e3195ae09d2a7b9f16a510fa74fcb0a3338edae05ab5ba6a6604d48262f5846daf8a835deac968c2f5702c66c3f09",
+ "trust-channel": "Mozilla"
+ },
+ {
+ "chronicle": "i7AOI54CY6k4gkCg8JwQTncHgPlQK1AJFJfwVJRoUWg=",
+ "date": "2022-03-18",
+ "file": "cacert-2022-03-18.pem",
+ "sha256": "2d0575e481482551a6a4f9152e7d2ab4bafaeaee5f2606edb829c2fdb3713336",
+ "signature": "80039a6fc03173635138cd128bde1884eab3265c8202a3fa3bfff63eba04203200cc7289d8c89fbb12a54769098680ef128532b893a738467064f15674b34e05",
+ "trust-channel": "Mozilla"
+ },
+ {
+ "chronicle": "UBTl8kOHJQaIySGaOcj1pgj1riLzEL-slR5jnQKk0hQ=",
+ "date": "2022-02-01",
+ "file": "cacert-2022-02-01.pem",
+ "sha256": "1d9195b76d2ea25c2b5ae9bee52d05075244d78fcd9c58ee0b6fac47d395a5eb",
+ "signature": "0cec2588e826f19373b08cb72193d1e285d5523c4644d7592e71cc5645905c8f0a4400a02ae0faa7fb22b3295c6e86dbae4080f29ed2d7af2bb9a36daa87eb05",
+ "trust-channel": "Mozilla"
+ },
+ {
+ "chronicle": "qPtAFNW4gxaw7p5dzlU2dlpaFfcIKrYypHYq-wv4z3U=",
+ "date": "2021-10-26",
+ "file": "cacert-2021-10-26.pem",
+ "sha256": "ae31ecb3c6e9ff3154cb7a55f017090448f88482f0e94ac927c0c67a1f33b9cf",
+ "signature": "21bdd9871f8bcae2f354c4c09ae4a03e0a29e973c33a1d4607bf07e6b9b55cb2973c08cef3bcda5b064ba1971aed8e0399292bb823a7b2cfe0e6505e07b0120c",
+ "trust-channel": "Mozilla"
+ },
+ {
+ "chronicle": "qi_kK3qGdkbz5DnY9WssEUycqGWlR1qZV_pzRK8jTNg=",
+ "date": "2021-09-30",
+ "file": "cacert-2021-09-30.pem",
+ "sha256": "f524fc21859b776e18df01a87880efa198112214e13494275dbcbd9bcb71d976",
+ "signature": "ada589b1bb75ee867bee6ad3ff7af5c70b0dcdcd9370aac25791018d615642457c1aa97a1ed6245f8618d970c64e0d6211befed168137aaf89ee9c5369a2070d",
+ "trust-channel": "Mozilla"
+ },
+ {
+ "chronicle": "HwWisDykcIRkFMYVxvTkcpmNQapX0bTtkgWAZYhfHoo=",
+ "date": "2021-07-05",
+ "file": "cacert-2021-07-05.pem",
+ "sha256": "a3b534269c6974631db35f952e8d7c7dbf3d81ab329a232df575c2661de1214a",
+ "signature": "f1d5bfba84a875440495647fbb172b7cd690835cea1257ccfc588182f788c302cbcb765cf28b37331afb6a1b59766a23c39b57930ab53516f698b01ce24f7e0e",
+ "trust-channel": "Mozilla"
+ },
+ {
+ "chronicle": "lX11jIxsfv5zRRn101HwYvme0dlsjDsbQGCq3X2hbEk=",
+ "date": "2021-05-25",
+ "file": "cacert-2021-05-25.pem",
+ "sha256": "3a32ad57e7f5556e36ede625b854057ac51f996d59e0952c207040077cbe48a9",
+ "signature": "902eca7e6c2985e17a69d3dbbff0b62bef26261b27372e0674685a52cd19044ec2094286474a8f2d6c24236e97390174558b60869b63c0041d9c1668790e1308",
+ "trust-channel": "Mozilla"
+ },
+ {
+ "chronicle": "b-9qXkNR-mM_zU3Jy-WfgWIEZ2cYeKwrnoa1vrFkH6o=",
+ "date": "2021-04-13",
+ "file": "cacert-2021-04-13.pem",
+ "sha256": "533610ad2b004c1622a40622f86ced5e89762e1c0e4b3ae08b31b240d863e91f",
+ "signature": "6f9e9b320cdd771b41556deea796f817eb4eff93d72d023d857dfb51c9b03490417a456d39dfdfb4e947ceb412d344c87a6ec31fc5ce820da37ce3233992ff0e",
+ "trust-channel": "Mozilla"
+ },
+ {
+ "chronicle": "g0XRUTaOBRgYdWNVCfAtSukBAOcDwpYILu1zWBRS1CM=",
+ "date": "2021-01-19",
+ "file": "cacert-2021-01-19.pem",
+ "sha256": "e010c0c071a2c79a76aa3c289dc7e4ac4ed38492bfda06d766a80b707ebd2f29",
+ "signature": "c5057562dd4610ea5a2fae7db283a6d10b80802f62da164885dd99abe95621e6ba90ee341b5e472b7d243607431ffa0a4750cbd9bc06ff5a001ef1b3eaef4a09",
+ "trust-channel": "Mozilla"
+ },
+ {
+ "chronicle": "527Ync4-R9x1vU0zRjb0HegpaEm0PG7CdniSF_v1Kps=",
+ "date": "2020-12-08",
+ "file": "cacert-2020-12-08.pem",
+ "sha256": "313d562594ebd07846ad6b840dd18993f22e0f8b3f275d9aacfae118f4f00fb7",
+ "signature": "5cbaeb63be8978a6a0340d70bdc97a8f6dff181bbdd6db5bef03bbc3a1c9fa0daa8b1e9410021bf62bc52478743477c76502a3cef1103a8bd9c9e5c9b4017907",
+ "trust-channel": "Mozilla"
+ },
+ {
+ "chronicle": "ODYFGSzD1oJ2sqqXs_XvtUW1pjoraYGcJtWlJnvn9eo=",
+ "date": "2020-10-14",
+ "file": "cacert-2020-10-14.pem",
+ "sha256": "bb28d145ed1a4ee67253d8ddb11268069c9dafe3db25a9eee654974c4e43eee5",
+ "signature": "87bb0a9756dfd5877d4340a4a069d8909da3fdeb8a6015819dfd870e30c76ba8a2fbd3828eec408b744d645a751042e16905e7a36607e6bb526a687b41ed3306",
+ "trust-channel": "Mozilla"
+ },
+ {
+ "chronicle": "_GX0WG0O7NIuXh_xMO_MGjTZz6wEUE4VKWYPWvc0DEM=",
+ "date": "2020-07-22",
+ "file": "cacert-2020-07-22.pem",
+ "sha256": "2782f0f8e89c786f40240fc1916677be660fb8d8e25dede50c9f6f7b0c2c2178",
+ "signature": "0a9c70bd5837fa8ebc13038e9c1d7bae2c771984dcc1e3d69b15ef7d9efbc1e0aa459fd856895116c184d61c6232f5a2f0f6304852c98fba41db728f7efd2308",
+ "trust-channel": "Mozilla"
+ },
+ {
+ "chronicle": "Q55vLfKV5CwScvCtHfgHh6ZA7Yznt0KTuwXZXNPMNKw=",
+ "date": "2020-06-24",
+ "file": "cacert-2020-06-24.pem",
+ "sha256": "726889705b00f736200ed7999f7a50021b8735d53228d679c4e6665aa3b44987",
+ "signature": "deb7deb691a637d40e727043365779f66cc3672f421a9097604916880a2b7b456b31d55c76b8f17afa41ac01b0645c5e3e6d7654196b4d9c92686e086162c30c",
+ "trust-channel": "Mozilla"
+ },
+ {
+ "chronicle": "wCG8YrvbmDm9gefwmjB4eAjlRJiHxKVAcsiuoGLIqik=",
+ "date": "2020-01-01",
+ "file": "cacert-2020-01-01.pem",
+ "sha256": "adf770dfd574a0d6026bfaa270cb6879b063957177a991d453ff1d302c02081f",
+ "signature": "e0f50aa86e2977f37ec4c5dba72dd1aaea87389c439d701709d0fbe3351d59225da33b601e1c0789c8b6c1418f3c337daca24f63f17565e46bf3b2873928d20e",
+ "trust-channel": "Mozilla"
+ },
+ {
+ "chronicle": "it79kHqPiO9miqIkDLuWEN8O4fCSiP3gMdCp9pVKV2I=",
+ "date": "2019-11-27",
+ "file": "cacert-2019-11-27.pem",
+ "sha256": "0d98a1a961aab523c9dc547e315e1d79e887dea575426ff03567e455fc0b66b4",
+ "signature": "74b8a1435f10bed11c57ef2a8e8ff79011fc5eda9b5686a2b2d0b18ae191f4b3a99de96993fb441679ab479120685e420a86aac5d83f445422fc57765cc20c00",
+ "trust-channel": "Mozilla"
+ },
+ {
+ "chronicle": "qRzI9Hpck8sbbRi4I0-8TNkEl8Y8DD0myOpN6gWlAwU=",
+ "date": "2019-10-16",
+ "file": "cacert-2019-10-16.pem",
+ "sha256": "5cd8052fcf548ba7e08899d8458a32942bf70450c9af67a0850b4c711804a2e4",
+ "signature": "3867e0681ee141d285fc59b252e8f0fae52c0d7748db83eb7b1f2ed0fc94c901484bcccf6e91c9d59c9d0f2f4835c315c1a22ccbafa08db20e36a5c7db68190c",
+ "trust-channel": "Mozilla"
+ },
+ {
+ "chronicle": "PW9pdgWmCjmswCmDLzJY51ENVdBRcZcJiUwKHBfQc2k=",
+ "date": "2019-08-28",
+ "file": "cacert-2019-08-28.pem",
+ "sha256": "38b6230aa4bee062cd34ee0ff6da173250899642b1937fc130896290b6bd91e3",
+ "signature": "4bd4fae2644726f4f9298b5d9399430c18db88d8f72ea6cdc89429dd43daf5032fb632912697643549938277a7b5235c3353da1b79ff14da3333aef16acfdd03",
+ "trust-channel": "Mozilla"
+ },
+ {
+ "chronicle": "WQG3tH3CiLHg_upN0ABhKiYWOGwH3n9l4pM04bXwG54=",
+ "date": "2019-05-15",
+ "file": "cacert-2019-05-15.pem",
+ "sha256": "cb2eca3fbfa232c9e3874e3852d43b33589f27face98eef10242a853d83a437a",
+ "signature": "d368533011b7e9eb09d1cc3a78faef70adcd1188aaee7a47698e0783339275b9b506a982c98dee119969c599581275f76733e0c2f96380405faed1d8678a0302",
+ "trust-channel": "Mozilla"
+ },
+ {
+ "chronicle": "ZUzngWCbx2xWxJnqnqDLtbOxFNqA6zztMt-tmYPYdoc=",
+ "date": "2019-01-23",
+ "file": "cacert-2019-01-23.pem",
+ "sha256": "c1fd9b235896b1094ee97bfb7e042f93530b5e300781f59b45edf84ee8c75000",
+ "signature": "28d301881a3920c84bb59e61ae1ead38f38657da8bd727b4a3204e3e0455a310bd706848d701b7132a1b4f5634b13b1ecd6df4630cff47b3aa2c9989de2ec902",
+ "trust-channel": "Mozilla"
+ },
+ {
+ "chronicle": "5PQ6rLnMQyLLRGX_eC5TiwajK50yQm2DMpCYE1i7C3M=",
+ "date": "2018-12-05",
+ "file": "cacert-2018-12-05.pem",
+ "sha256": "4d89992b90f3e177ab1d895c00e8cded6c9009bec9d56981ff4f0a59e9cc56d6",
+ "signature": "950d49617edd8b4efd0096a3f487c9072f41a199b87951418d1a9850e0b6a579ebb8e71c35f25fb0ca0a5cbfe947146c2c2bc94007e5baf4eeb6b38f1185af03",
+ "trust-channel": "Mozilla"
+ },
+ {
+ "chronicle": "geBD0phpZn7JONi35qOvpjOj1y1JfpezXVOXfOUIlxg=",
+ "date": "2018-10-17",
+ "file": "cacert-2018-10-17.pem",
+ "sha256": "86695b1be9225c3cf882d283f05c944e3aabbc1df6428a4424269a93e997dc65",
+ "signature": "d6fc0fb3d21356651d1e76c3e4fff862fcbaae21e4fd8011a34926365b0a45d35c3a57e631b9767df234018f91acff66ac4c60669f9efdcd6d9d74072285710a",
+ "trust-channel": "Mozilla"
+ },
+ {
+ "chronicle": "EBF8N4OMJRr_GnDrP0A27d7hTF0Tbf2FMfgR2Wl7Uy0=",
+ "date": "2018-06-20",
+ "file": "cacert-2018-06-20.pem",
+ "sha256": "238823cd92d3bcdd67c1c278536d6c282dd6b526ee6ee97efbf00ef31d8c5d79",
+ "signature": "fd37524d4635ca88cf0ddf0493f6eec7ba0981b291aaac63b25a21a77721fadcda9ce4f9316f7f13b94e2869df55d4f1c07901bb8b84484bee6d10cadb33a104",
+ "trust-channel": "Mozilla"
+ },
+ {
+ "chronicle": "Jmto9HgxYETn-1JA6YVjDEs7OyjY_bffb2kfy-AGM2E=",
+ "date": "2018-03-07",
+ "file": "cacert-2018-03-07.pem",
+ "sha256": "79ea479e9f329de7075c40154c591b51eb056d458bc4dff76d9a4b9c6c4f6d0b",
+ "signature": "06dc96f0bc32ee82eb7611ac7fe0bfa646fd4139a65fe7999a404377e4b4a3272f74c509c1cbb1a6f509c8c7d438e79e95982b1f992c7fc6071d99e6f103680c",
+ "trust-channel": "Mozilla"
+ },
+ {
+ "chronicle": "HuICLQCF_DWnQGbosC6fK8PuifQgIrRi2WYshB2erZY=",
+ "date": "2018-01-17",
+ "file": "cacert-2018-01-17.pem",
+ "sha256": "defe310a0184a12e4b1b3d147f1d77395dd7a09e3428373d019bef5d542ceba3",
+ "signature": "de2bb6e94f46c13eb52d8cd561d456367f0abe1ed0799eb9347ad2047c1d6bacebf275d42b4c5188231d76fcc5904e483c4bef0d41ca791448b23269b1b67d05",
+ "trust-channel": "Mozilla"
+ },
+ {
+ "chronicle": "pTmauXUmQrr2BN8uJX3mCKk0GSokHl61qHUrXsUFziE=",
+ "date": "2017-09-20",
+ "file": "cacert-2017-09-20.pem",
+ "sha256": "435ac8e816f5c10eaaf228d618445811c16a5e842e461cb087642b6265a36856",
+ "signature": "9007f7f0411d6d1f1f5136b247375e614a24216e4fc6c9d6d12642f986f3d45cea3daa2a19705579845a37488ce679f78a1b890d24da6157a2e9894d351fa70a",
+ "trust-channel": "Mozilla"
+ },
+ {
+ "chronicle": "tUgevWspRLIznoIx0G6XRMucU4XJSBV3qYZEPWovZV8=",
+ "date": "2017-06-07",
+ "file": "cacert-2017-06-07.pem",
+ "sha256": "e78c8ab7b4432bd466e64bb942d988f6c0ac91cd785017e465bdc96d42fe9dd0",
+ "signature": "ed1fc6af6827cac04da6caf40deffeadc2a19feba5281d7cf92d1563ad9af49b8d25bf459e5d5acec0fe723394f88f240d4b716e52f3835f9ab3caa3cc85380e",
+ "trust-channel": "Mozilla"
+ },
+ {
+ "chronicle": "vkGXMsFKfLlQBh3uYUQbLFdXKgQe5huy-pZZ-9cIDJ4=",
+ "date": "2017-01-18",
+ "file": "cacert-2017-01-18.pem",
+ "sha256": "e62a07e61e5870effa81b430e1900778943c228bd7da1259dd6a955ee2262b47",
+ "signature": "0f217f29c9711cd74ed60f0f6da886c166969945546a6e75e6fa8cf5ea87387f5fce1e1ced71af46095d2dd411a3676ec1aa40927cc0d47a91adaeef965b240b",
+ "trust-channel": "Mozilla"
+ },
+ {
+ "chronicle": "5dmkHGPHwnIOawjmnrbXBIXap92GqF2aDraASC12AVM=",
+ "date": "2016-11-02",
+ "file": "cacert-2016-11-02.pem",
+ "sha256": "cc7c9e2d259e20b72634371b146faec98df150d18dd9da9ad6ef0b2deac2a9d3",
+ "signature": "59687e4a471591fd09f2e9d84a595fd37618eadf0c4a3eef56feaca10100a175da520dbd068473189af3775ca91e1f48eb55155accb9d5c6137d25b6a9e93103",
+ "trust-channel": "Mozilla"
+ }
+]
(PHP 7.2.4)
I'm sure this is on your radar, but just incase....
PHP Warning: A non-numeric value encountered in vendor/paragonie/certainty/src/Certainty.php on line 33
PHP message: PHP Warning: Use of undefined constant CURL_SSLVERSION_TLSv1_2 - assumed 'CURL_SSLVERSION_TLSv1_2' (this will throw an Error in a future version of PHP) in vendor/paragonie/certainty/src/Certainty.php on line 33
It would be good to add advantages over long existing Composer library: https://github.com/composer/ca-bundle
This is a cool project. There are many times where servers use custom CAs or self-signed certs, such as Active Directory (LDAP). It would be really nice if this would allow plugging in those certs in some easy way.
Do I need to assign permission to vendor folder?
Warning: rename(/var/www/html/wwwtest/vendorca/paragonie/certainty/data/ca-certs.json,/var/www/html/wwwtest/vendorca/paragonie/certainty/data/ca-certs-backup-20171025150453.json): Permission denied in /var/www/html/wwwtest/vendorca/paragonie/certainty/src/RemoteFetch.php on line 120
Warning: file_put_contents(/var/www/html/wwwtest/vendorca/paragonie/certainty/data/ca-certs.json): failed to open stream: Permission denied in /var/www/html/wwwtest/vendorca/paragonie/certainty/src/RemoteFetch.php on line 123
Warning: file_put_contents(/var/www/html/wwwtest/vendorca/paragonie/certainty/data/ca-certs.cache): failed to open stream: Permission denied in /var/www/html/wwwtest/vendorca/paragonie/certainty/src/RemoteFetch.php on line 144
Fatal error: Uncaught Exception: Could not download bundles in /var/www/html/wwwtest/vendorca/paragonie/certainty/src/RemoteFetch.php:98 Stack trace: #0 /var/www/html/wwwtest/vendorca/paragonie/certainty/src/Fetch.php(39): ParagonIE\Certainty\RemoteFetch->listBundles() #1 /var/www/html/wwwtest/test.php(11): ParagonIE\Certainty\Fetch->getLatestBundle() #2 {main} thrown in /var/www/html/wwwtest/vendorca/paragonie/certainty/src/RemoteFetch.php on line 98
Hello,
If I understand the source code correctly, if GitHub is down or there is some kind of network availability issue, RemoteFetch::remoteFetchBundles()
is going to throw a TransferException
from Guzzle. Do I have this right? In other words, to properly use this class, we should wrap calls to getLatestBundle()
in try/catch and fall back to the Fetch
class?
This is not exactly a significant difference:
diff --git a/cacert-2022-03-18.pem b/cacert-2022-03-29.pem
index e91e25f..5dbd0af 100644
--- a/cacert-2022-03-18.pem
+++ b/cacert-2022-03-29.pem
@@ -1,7 +1,7 @@
##
## Bundle of CA Root Certificates
##
-## Certificate data from Mozilla as of: Fri Mar 18 12:29:51 2022 GMT
+## Certificate data from Mozilla as of: Tue Mar 29 03:12:05 2022 GMT
##
## This is a bundle of X.509 certificates of public Certificate Authorities
## (CA). These were automatically extracted from Mozilla's root certificates
@@ -14,7 +14,7 @@
## Just configure this file as the SSLCACertificateFile.
##
## Conversion done with mk-ca-bundle.pl version 1.29.
-## SHA256: 187ef9dc231135324fe78830cf4462f1ecdeab3e6c9d5e38d623391e88dc5d3c
+## SHA256: d59c5c83ce7a7635fa95521d8d245677949b86d5574bfcc6f855b6a48f2d5566
##
Should we bother adding the 2022-03-29 bundle for completeness?
When testCreateSymlink()
test from BundleTest.php is run successfully create a link called "symlink-test". This file is not unlinked on teardown, and subsequent tests will check for the file and unlink if it exists. However, the symlink does exist as a modified file in the repo unless manually removed.
Do you think the link should be automatically removed after checking for the assertion or explicitly added to .gitignore?
Situation: I have found a CURLOPT_SSL_VERIFYPEER => false
in some code that runs in production on a remote Windows machine. It's an epic PITA to update / test the final environment, so I'd like to be reasonably sure the requirements are met before I ask our team to fix it.
I would assume this works, but on the other hand, documentation does mention symlinks with no caveats. (I've looked at the README, the main docs, and the RemoteFetch docs.)
PHP Version: 7.2.2
composer require paragonie/certainty:^1
When running a test to check the file path is valid using:
<?php
use ParagonIE\
{
Certainty\RemoteFetch
};
$fetcher = (new RemoteFetch())->getLatestBundle();
echo $fetcher->getFilePath();
I'm met with:
Uncaught ParagonIE\Certainty\Exception\BundleException: No valid bundles were found in the data directory. in ../vendor/paragonie/certainty/src/Fetch.php:80
Looking to ./data
I'm seeing:
ca-certs-backup-20180219145811.json
ca-certs.cache
ca-certs.json
cacert-2016-11-02.pem
cacert-2017-01-16.pem
cacert-2017-06-07.pem
cacert-2017-09-20.pem
cacert-2018-01-17.pem
Thus it looks like we just need an updated cacert-*.pem
correct?
As per the almighty docs (certainty/docs/README.md), certain permissions are required for certainty
to run as intended.
Unfortunately this then interferes with later php composer.phar update
runs as outlined below:
[foobar@wwl lib]$ php composer.phar update
Loading composer repositories with package information
Updating dependencies (including require-dev)
Package operations: 0 installs, 1 update, 0 removals
- Updating paragonie/certainty (v1.0.3 => v1.0.4): Update failed (Could not delete /blah/vendor/paragonie/certainty/data/cacert-2016-11-02.pem: )
Would you like to try reinstalling the package instead [yes]? yes
- Removing paragonie/certainty (v1.0.3)
[RuntimeException]
Could not delete /blah/vendor/paragonie/certainty/data/cacert-2016-11-02.pem:
update [--prefer-source] [--prefer-dist] [--dry-run] [--dev] [--no-dev] [--lock] [--no-custom-installers] [--no-autoloader] [--no-scripts] [--no-progress] [--no-suggest] [--with-dependencies] [--with-all-d
ependencies] [-v|vv|vvv|--verbose] [-o|--optimize-autoloader] [-a|--classmap-authoritative] [--apcu-autoloader] [--ignore-platform-reqs] [--prefer-stable] [--prefer-lowest] [-i|--interactive] [--root-reqs]
[--] [<packages>]...
Running php composer.phar update
as root is an undesirable concept and the daemon user tends to have no shell so can't run it as that either.
Perhaps you could find an cleverer way of dealing with the issue ? e.g. perhaps using the semi-volatile /tmp
storage area instead of a composer vendor sub-dir ?
We should ship a CLI tool accessible via e.g. vendor/bin/certainty
that runs something like the the following:
<?php
if ($argc < 2) {
die('Usage: vendor/bin/certainty /path/to/desired/cacert.pem');
}
(new \ParagonIE\Certainty\Fetch())
->getLatestBundle()
->createSymlink($argv[1], true);
Open source projects can then just create a post-update hook that runs that command, and voila. CA Certificates solved forever.
If you're seeing certificate bundle update failures, update to https://github.com/paragonie/certainty/releases/tag/v2.9.0 and clear your cache.
The default declaration of RemoteFetch always throws a FilesystemException
because $dataDir
is empty. I think $dataDir
should be a mandatory argument or have a default value of "."
. What do you think.
It occured when using https://github.com/paragonie/quill with the default $http
constructor argument. I stumbled upon this when trying the example from the Quill Readme on PHP 7.2.18
<?php
use ParagonIE\Certainty\RemoteFetch;
$remoteFetch = new RemoteFetch('/var/www/my-project/data/certs');
$remoteFetch->getAllBundles();
$remoteFetch->getLatestBundle();
It doesn't seem any of the bundles are validated when doing this, if getAllBundles
has been run once no validation is ever performed on the retrieved content.
It looked like the custom Chronicle URL was also never used, but that might have been a "me" issue... but this does seem to be real, is this intended?
The php-chronicle is down ?
https://downforeveryoneorjustme.com/php-chronicle.pie-hosted.com
Is this a single point of failure?
What do to now?
Just do minor / bugfix releases on updates. This will make it usable as dependency for libraries instead of projects only without a need for minimum-stability: dev
.
PHP 7.1.17
Windows 8
Fatal error: Uncaught GuzzleHttp\Exception\RequestException: cURL error 60: SSL certificate problem: unable to get local issuer certificate (see http://curl.haxx.se/libcurl/c/libcurl-errors.html) in C:\testProject\vendor\guzzlehttp\guzzle\src\Handler\CurlFactory.php on line 186
GuzzleHttp\Exception\RequestException: cURL error 60: SSL certificate problem: unable to get local issuer certificate (see http://curl.haxx.se/libcurl/c/libcurl-errors.html) in C:\testProject\vendor\guzzlehttp\guzzle\src\Handler\CurlFactory.php on line 186
Call Stack:
0.0004 352072 1. {main}() C:\testProject\temp\testCertainty.php:0
0.0618 2258456 2. ParagonIE\Certainty\RemoteFetch->getLatestBundle() C:\testProject\temp\testCertainty.php:7
0.0618 2258456 3. ParagonIE\Certainty\RemoteFetch->listBundles() C:\testProject\vendor\paragonie\certainty\src\Fetch.php:64
0.0619 2258456 4. ParagonIE\Certainty\RemoteFetch->remoteFetchBundles() C:\testProject\vendor\paragonie\certainty\src\RemoteFetch.php:113
0.0619 2258568 5. GuzzleHttp\Client->get() C:\testProject\vendor\paragonie\certainty\src\RemoteFetch.php:128
0.0619 2258840 6. GuzzleHttp\Client->__call() C:\testProject\vendor\paragonie\certainty\src\RemoteFetch.php:128
0.0619 2258840 7. GuzzleHttp\Client->request() C:\testProject\vendor\guzzlehttp\guzzle\src\Client.php:89
0.9388 2579872 8. GuzzleHttp\Promise\RejectedPromise->wait() C:\testProject\vendor\guzzlehttp\guzzle\src\Client.php:131
My apologies if I'm being stupid here but.....
I was getting this error in my code. So I simplified as much as possible:
<?php
use ParagonIE\Certainty\RemoteFetch;
require '../../vendor/autoload.php';
mkdir("/tmp/aaa");
$fetcher = new RemoteFetch("/tmp/aaa");
var_dump($fetcher->getLatestBundle());
This still yields the same:
Fatal error: Uncaught ParagonIE\Certainty\Exception\FilesystemException: ca-certs.json not found in data directory. in /blah/vendor/paragonie/certainty/src/Fetch.php:116
Stack trace:
#0 /blah/vendor/paragonie/certainty/src/Fetch.php(63): ParagonIE\Certainty\Fetch->listBundles()
#1 /blah/vendor/paragonie/certainty/src/Certainty.php(32): ParagonIE\Certainty\Fetch->getLatestBundle()
#2 /blah/vendor/paragonie/certainty/src/Validator.php(104): ParagonIE\Certainty\Certainty::getGuzzleClient()
#3 /blah/vendor/paragonie/certainty/src/Fetch.php(78): ParagonIE\Certainty\Validator::checkChronicleHash(Object(ParagonIE\Certainty\Bundle))
#4 /blah/local/foobar/TESTTEST.php(10): ParagonIE\Certainty\Fetch->getLatestBundle()
#5 {main}
thrown in /blah/vendor/paragonie/certainty/src/Fetch.php on line 116
But ....
$ ls -la /tmp/aaa/
total 1456
drwxrwxr-x. 2 foobar foobar 4096 Apr 9 23:44 .
drwxrwxrwt. 17 root root 8192 Apr 9 23:44 ..
-rw-rw-r--. 1 foobar foobar 263596 Apr 9 23:44 cacert-2016-11-02.pem
-rw-rw-r--. 1 foobar foobar 261889 Apr 9 23:44 cacert-2017-01-18.pem
-rw-rw-r--. 1 foobar foobar 256008 Apr 9 23:44 cacert-2017-06-07.pem
-rw-rw-r--. 1 foobar foobar 236061 Apr 9 23:44 cacert-2017-09-20.pem
-rw-rw-r--. 1 foobar foobar 223903 Apr 9 23:44 cacert-2018-01-17.pem
-rw-rw-r--. 1 foobar foobar 215556 Apr 9 23:44 cacert-2018-03-07.pem
-rw-rw-r--. 1 foobar foobar 25 Apr 9 23:44 ca-certs.cache
-rw-rw-r--. 1 foobar foobar 2205 Apr 9 23:44 ca-certs.json
Bearing in mind /tmp/aaa
didn't even exist before I executed the PHP !
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google โค๏ธ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.